According to a security bulletin, the security flaw affects all versions of Flash Player from 10.2.153.1 and earlier on Windows, Mac OS X, Linux and Solaris platforms. It also affects versions 10.2.156.12 and earlier on all Android operating systems. The flaw also affects Adobe Reader and Acrobat however the company is confident that its Protect Mode measures in Adobe Reader X would prevent this style of attack from executing. However, the company says it will address this issue in Acrobat and Reader X when it releases its next quarterly update, due on or around June 14.
The flaw is reported to be activated by webpages or flash (.swf) files embedded into Microsoft Word or Excel files and sent as attachments.
All users of Flash Player are recommended to upgrade to version 10.2.159.1 (version 10.2.154.27 for Google Chrome users).
Those using Adobe Air should upgrade to version 2.6.19140.
However, while PC users can fix the issue now, Adobe says it doesn’t have a fix yet for Android users but expects to do so no later than the week of April 25.
- Microsoft finds security bug in 64-bit Windows 7, Windows Server 2008
- Adobe releases Flash Player 10.1 to smartphone vendors
- Google Chrome reaches stable status for Linux and Mac OS X
- World’s Internet Explorer users at risk from new security flaw
- No word from Intel Australia on Cougar Point replacement